Risk is anything that prevents an organization from achieving its business objectives and ultimately affects the performance of an organization and its continued survival. In view of the increasing importance of risk management for business leaders, risk-based thinking has been incorporated into ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 and other international standards.

A Brief Introduction to Risk Management - Strategic, Operational and Project Risks

        What is risk? Risk is anything that prevents an organization from achieving its business objectives and ultimately affects the performance of an organization and its continued survival.

        To ensure business is managed prudently, many business leaders have adopted risk management in various forms and frameworks. Regardless of the nature of each framework, risk management generally entails identification, analysis, mitigation action, monitoring and control of any risks that threaten the organization.

        The rationale for adopting a risk management framework may come from business and market imperatives such as corporate governance responsibilities, an ever-changing business environment both internally and externally, and shareholders’ increased focus on risk and return, as they no longer tolerate undesirable surprises, coupled with a scarcity of resources that forces allocation to be made based on risk and return.
        Risks may be classified into three broad categories: strategic risks, operational risks and project risks. Strategic risks can be defined as uncertainties that are external to the organization and that have a significant impact on business performance. Operational risks are the internal uncertainties inherent in the ongoing operational activities within an organization. Project risks are uncertainties associated with specific, short-term projects and undertakings.
        Examples of strategic risks are economic risks, socio-cultural risks, demographic risks, ecological & environmental risks, public health risks, political & global security risks, governmental & legal risks, technological risks, competitive risks, etc. Strategic risks often cannot be predicted or monitored systematically, due to the lack of advance warning, and are often best identified and monitored by senior management as part of their strategic review. Accountability for managing strategic risks therefore rests with the senior management. By managing strategic risks proactively, business leaders can better forecast and quickly adapt to the ever-changing external demands, and are less likely to be surprised by undesirable external events.
        Operational risks are risks associated with various functional activities within an organization such as sales and marketing, research and development, production of goods and services, logistics, finance and accounting, human resources, information technology, etc. Operational risks often take the form of day-to-day problems and issues.
        Project risks are frequently associated with mergers and acquisitions, technology obsolescence and new technology transfer, change management and other integration projects, etc. Specific risks associated with project management are normally delegated to project managers. Nevertheless, project sponsors (often the senior managers) are accountable for the achievement of project deliverables and outcomes. The benefits of managing project risks efficiently are the avoidance of unexpected time and cost overruns and fewer integration problems when assimilating new changes into day-to-day activities.

        In view of the increasing importance of risk management for business leaders and managers, risk-based thinking has been incorporated as an essential part of the requirements of ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 and other international standards. Senior managers need to be more articulate about their risk management practices and efforts in order to demonstrate their risk-based thinking process effectively.